Authorizing drone access to fulfillment centers

ABSTRACT

Systems and methods for authorizing drones with access to airborne fulfillment centers (AFCs) and other warehouse facilities are described. For example, the systems and methods perform multiple authentication processes, including a physical authentication process and a virtual or electronic authentication process, when determining whether a drone is authorized to access an AFC. Once authorized, the drone may access the AFC to pick up and/or deliver packages or other products, to recharge, to seek repairs, to be housed, and so on.

BACKGROUND

Airborne Fulfillment Centers (AFCs), and other floating or remotefacilities, are automated warehouses designed to house products andother stock to be purchased by consumers. AFCs may interact with or beserviced by fleets of delivery drones (e.g., fleets of autonomousunmanned aerial vehicles) capable of pick-up and delivery of theproducts stored by the AFCs. For example, an AFC may be a blimp-likevehicle that floats above a certain area or geographical location andstores items, products, and other stock to be delivered to variousendpoints (e.g., purchasers houses or buildings) within the geographicallocation.

Given their position in the air and/or at remote locations, AFCs andother remotely-located fulfillment centers may be vulnerable to attacksby malicious actors, such as attacks from drones attempting toinfiltrate the AFCs to steal products or otherwise disrupt theoperations or functionality of the AFCs and/or their systems.

These and other problems exist with respect to deploying AFCs as centralhubs of products to be delivered to customers.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present technology will be described and explainedthrough the use of the accompanying drawings.

FIG. 1 is a diagram illustrating a suitable network environment.

FIGS. 2A-2B are diagrams illustrating the authentication of a drone toan airborne fulfillment center.

FIGS. 3A-3D are diagrams illustrating various example physicalcredentials configurations provided by a drone during a physicalauthentication process.

FIG. 4 is a block diagram illustrating components of a droneauthentication system.

FIG. 5 is a flow diagram Illustrating a method for authorizing a dronewith access to an airborne fulfillment center.

The drawings have not necessarily been drawn to scale. Similarly, somecomponents and/or operations may be separated into different blocks orcombined into a single block for the purposes of discussion of some ofthe embodiments of the present technology. Moreover, while thetechnology is amenable to various modifications and alternative forms,specific embodiments have been shown by way of example in the drawingsand are described in detail below. The intention, however, is not tolimit the technology to the particular embodiments described. On thecontrary, the technology is intended to cover all modifications,equivalents, and alternatives falling within the scope of the technologyas defined by the appended claims.

DETAILED DESCRIPTION

Overview

Systems and methods for authorizing drones with access to airbornefulfillment centers (AFCs) and other warehouse facilities are described.For example, the systems and methods perform multiple authenticationprocesses, including a physical authentication process and a virtual orelectronic authentication process, when determining whether a drone isauthorized to access an AFC. Once authorized, the drone may access theAFC to pick up and/or deliver packages or other products, to recharge,to seek repairs, to be housed, and so on.

In some embodiments, the systems and methods provide a drone with accessto the airborne fulfillment center by receiving a request for access tothe airborne fulfillment center by a drone located within a geographicalregion that includes the airborne fulfillment center, and sending arequest to the drone for virtual access credentials associated with thedrone. Upon receiving the virtual access credentials from the drone, thesystems and methods determine whether the virtual access credentialsmatch virtual access credentials stored in a database of theauthorization system, and when the virtual access credentials matchaccess credentials stored in the database of the authorization system,send a request to the drone to provide physical access credentials.

The systems and methods determine whether the physical accesscredentials match a physical access verification device associated withthe authorization system (e.g., a certain configuration of a probe ofthe drone couples to the verification device), and when the physicalaccess credentials match the physical access verification device, thesystems and methods authorize the drone with access to the airbornefulfillment center.

In some embodiments, when the virtual access credentials and/or physicalaccess credentials do not match access credentials stored in thedatabase of the authorization system, the systems and methods mayinitiate a protection mechanism to protect the airborne fulfillmentcenter from a possible cyberattack or physical attack originating fromthe drone.

Thus, in some embodiments, the systems and methods authorize a dronewith access to a facility, such as an AFC, by performing a firstauthentication process that identifies a drone based on virtualcredentials provided by the drone, performing a second authenticationprocess that identifies the drone based on physical credentials providedby the drone, and determining the drone is authorized to the access thefacility based on the identification of the drone via the virtualcredentials and the physical credentials provided by the drone.

By performing a multi-stage authentication process, which, in somecases, includes physical and virtual authentication mechanisms, thesystems and methods may provide AFCs and other fulfillment centers orproduct warehouses with enhanced levels of security and protection,among other benefits.

In the following description, for the purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of embodiments of the present technology. It will beapparent, however, to one skilled in the art that embodiments of thepresent technology may be practiced without some of these specificdetails. While, for convenience, embodiments of the present technologyare described with reference to delivery drones, embodiments of thepresent technology are equally applicable to customized scheduling andmanagement of drones and other autonomous vehicles for any purpose(e.g., autonomous cabs). In addition, the types of drones utilized bysome embodiments are not limited to aerial vehicles but instead relateto any vehicle capable of air, sea, or land based transit. For example,delivery drones may include water-based drones that ride on top of orunder water.

The techniques introduced here can be embodied as special-purposehardware (e.g., circuitry), as programmable circuitry appropriatelyprogrammed with software and/or firmware, or as a combination ofspecial-purpose and programmable circuitry. Hence, embodiments mayinclude a non-transitory computer- and/or machine-readable medium havingstored thereon instructions which may be used to program a computer (orother electronic devices) to perform a process. The machine-readablemedium may include, but is not limited to, floppy diskettes, opticaldisks, compact disc read-only memories (CD-ROMs), magneto-optical disks,ROMs, random access memories (RAMs), erasable programmable read-onlymemories (EPROMs), electrically erasable programmable read-only memories(EEPROMs), magnetic or optical cards, flash memory, or other type ofmedia/machine-readable medium suitable for storing electronicinstructions.

The phrases “in some embodiments,” “according to some embodiments,” “inthe embodiments shown,” “in other embodiments,” and the like generallymean the particular feature, structure, or characteristic following thephrase is included in at least one implementation of the presenttechnology, and may be included in more than one implementation. Inaddition, such phrases do not necessarily refer to the same embodimentsor different embodiments.

Examples of a Suitable Network Environment

As described herein, although airborne fulfillment centers (and otherfloating or airborne vehicles, such as other drones, satellites, and soon) provide an efficient and localized mechanism for facilitating thedelivery of products to customers within a certain geographical locationvia delivery drones, they may be vulnerable to attacks by other airbornevehicles, such as drones posing or representing themselves as deliverydrones associated with a certain AFC or company. For example, an unknowndrone may attempt to access the AFC, or travel to a close proximity ofthe AFC), to steal goods from the AFC, cause physical harm to the AFC,cause electronic harm (e.g., signaling harm) to the AFC, disrupt theorbit or flight path of the AFC, or perform other nefarious attacks oractions.

Therefore, an AFC, in order to protect itself and the various products,commercial merchandise/goods, and/or data contained by the AFC, mayinterrogate approaching drones, such as drones requesting access to theAFC, in order to verify the approaching drones are authorized and/orknown to the AFC.

FIG. 1 is a diagram illustrating a suitable network environment 100 thatfacilitates communications between various drones 120A-N and an airbornefulfillment center 140. As illustrated in FIG. 1, the networkenvironment 100 shows a geographical region (e.g., a city or metro area)that includes a ground-level area 107 (e.g., buildings, roads, houses,and so on), and an area above the ground 105 that has multiple deliverydrones 120A-120N (e.g., such as a quadcopter or other autonomousaircraft). For example, the delivery drones 120A-120N includes a drone120A approaching or proximate to the AFC 140, a drone 120B at a distancefrom the AFC 140 (e.g., not approaching or not proximate to the AFC140), a drone 120C on a delivery to one of the buildings within theground-level area 107, and other drones 120N.

The AFC 140, the drones 120A-N, and other network components maycommunicate with one another over a communications network 130. Inaccordance with various embodiments, delivery drones 120A-120N mayinclude network communication components that enable the delivery dronesto communicate with the AFC 140, such as with servers within the AFC 140and/or remote from the AFC 140, including a drone authentication system150, to be described herein, and/or other portable electronic devices(not shown) by transmitting and receiving wireless signals usinglicensed, semi-licensed or unlicensed spectra over communicationsnetwork 130.

In some cases, communication network 130 may be comprised of multiplenetworks, even multiple heterogeneous networks, such as one or moreborder networks, voice networks, broadband networks, service providernetworks, Internet Service Provider (ISP) networks, and/or PublicSwitched Telephone Networks (PSTNs), interconnected via gatewaysoperable to facilitate communications between and among the variousnetworks. The communications network 130 can also include third-partycommunications networks such as a Global System for Mobile (GSM) mobilecommunications network, a code/time division multiple access (CDMA/TDMA)mobile communications network, a 3rd or 4th generation (3G/4G) mobilecommunications network (e.g., General Packet Radio Service(GPRS/EGPRS)), Enhanced Data rates for GSM Evolution (EDGE), UniversalMobile Telecommunications System (UMTS), or Long Term Evolution (LTE)network), or other communications network. In some cases, the drones120A-120N may directly communicate with the AFC via various peer-to-peercommunication protocols, such as Bluetooth™.

Those skilled in the art will appreciate that various other components(not shown) may be included in delivery drones 120A-120N to enablenetwork communication. For example, a delivery drone may be configuredto communicate over a GSM or newer mobile telecommunications network. Asa result, the delivery drone 120A-120N may include a Subscriber IdentityModule (SIM) card that stores an International Mobile SubscriberIdentity (IMSI) number that is used to identify the delivery drones120A-120N on the GSM mobile or other communications networks, forexample, those employing 3G and/or 4G wireless protocols. One advantageof this type of configuration is that the delivery drone can be equippedwith one or more cellular radios to permit direct communication withusers, e.g. sending a text when the drone approaches a departure orarrival location. If delivery drone 120A-120N is configured tocommunicate over another communications network, the delivery drone120A-120N may include other components that enable it to be identifiedon the other communications networks.

In some embodiments, delivery drones 120A-120N may include componentsthat enable them to connect to a communications network using GenericAccess Network (GAN), Unlicensed Mobile Access (UMA), or LTE-U standardsand protocols. For example, delivery drones 120A-120N may includecomponents that support Internet Protocol (IP)-based communication overa Wireless Local Area Network (WLAN) and components that enablecommunication with the telecommunications network over the IP-basedWLAN. Further, while not shown, the delivery drones 120A-120N mayinclude capabilities for permitting communications with satellites.check-in with drone management engine 140 and/or remote servers150A-150N.

The AFC 140 may include or be associated with various servers thatcollect and manage a variety of information. For example, the servers,which may be part of the AFC 140 or located remotely from the AFC 140,may include an availability server, a registration server, and alocation server. The AFC 140 may query the availability server todetermine which delivery drones 120A-120N are available for completing adelivery within a specified time window. The results of the query maythen be used by the AFC 140 for the coordination and scheduling of apackage pick-up and delivery. For example, the AFC 140 may select dronesbased on location, timing availability, maximum speed, range, cargocapabilities (e.g., size, weight, etc.), cost of operation, and/or otherfactors (e.g., weather conditions, landing areas, etc.).

The registration may be configured to register users (e.g., via agraphical user interface) of the delivery system. Once a user isregistered, the user may then access the system to schedule customizeddeliveries. The location server may be used to store the current andpast locations of each delivery drone 120A-120N within the dronedelivery fleet. While not illustrated, the system may connect to otherservers for items such as, but not limited to, weather forecasts,geographical reports, flight restrictions, etc., and thereby activelymodify drone availability, drone routes, and so on, based on data fromthese other servers. In accordance with some embodiments, the deliverydrones can be operated automatically using a GPS navigation systemthat's built on-board to provide updated navigation route. The GPSsystem can calculate the optimum route or routes that are preprogrammedbetween major cities/destinations. The GPS system and other componentsof the delivery drones could also be updated remotely usingFirmware-Over-The-Air.

While not illustrated in FIG. 1, some embodiments allow for the deliverysystem to be an integral part of a marketplace as part of a value addedservice. In accordance with some embodiments, a user buying or sellingan item may select drone-based delivery. Once a transaction iscompleted, the marketplace may interface with the delivery system toautomatically schedule a pick-up and drop-off with the seller and buyer.

Further details regarding the delivery system and the coordination ofthe drones 120A-120N with respect to the AFC 140 for deliveries andother operations are described in commonly-assigned U.S. patentapplication Ser. No. 14/869,922, filed on Sep. 29, 2015, entitledDRONE-BASED PERSONAL DELIVERY SYSTEM, which is hereby incorporated byreference in its entirety.

As described herein, the AFC 140 may include, or be associated with(e.g., at a remote server) the drone authentication system 150, whichincludes components or modules configured to interrogate approachingdrones (e.g., drone 120A) to the AFC 140. For example, in order toauthorize the drone 120A to access or travel to a certain proximity tothe AFC 140, the system 150, as described herein, may perform a firstauthentication process that identifies a drone based on virtualcredentials provided by the drone, and perform a second authenticationprocess that identifies the drone based on physical credentials providedby the drone. Further details regarding the authentication processesperformed and/or facilitated by the drone authentication system 150 willbe described herein.

FIG. 1 and the discussion herein provide a brief, general description ofthe suitable computing environment 100 in which the systems and methodscan be supported and implemented. Although not required, aspects of thesystems and methods are described in the general context ofcomputer-executable instructions, such as routines executed by ageneral-purpose computer, e.g., mobile device, a server computer, orpersonal computer. Those skilled in the relevant art will appreciatethat the system can be practiced with other communications, dataprocessing, or computer system configurations, including: Internetappliances, hand-held devices (including tablet computers and/orpersonal digital assistants (PDAs)), all manner of cellular or mobilephones, multi-processor systems, microprocessor-based or programmableconsumer electronics, set-top boxes, network PCs, mini-computers,mainframe computers, and the like. Indeed, the terms “computer,” “host,”and “host computer,” and “mobile device” and “handset” are generallyused interchangeably herein, and refer to any of the above devices andsystems, as well as any data processor.

Aspects of the system can be embodied in a special purpose computingdevice or data processor that is specifically programmed, configured, orconstructed to perform one or more of the computer-executableinstructions explained in detail herein. Aspects of the system may alsobe practiced in distributed computing environments where tasks ormodules are performed by remote processing devices, which are linkedthrough a communications network, such as a Local Area Network (LAN),Wide Area Network (WAN), or the Internet. In a distributed computingenvironment, program modules may be located in both local and remotememory storage devices.

Aspects of the system may be stored or distributed on computer-readablemedia (e.g., physical and/or tangible non-transitory computer-readablestorage media), including magnetically or optically readable computerdiscs, hard-wired or preprogrammed chips (e.g., EEPROM semiconductorchips), nanotechnology memory, or other data storage media. Indeed,computer implemented instructions, data structures, screen displays, andother data under aspects of the system may be distributed over theInternet or over other networks (including wireless networks), on apropagated signal on a propagation medium (e.g., an electromagneticwave(s), a sound wave, etc.) over a period of time, or they may beprovided on any analog or digital network (packet switched, circuitswitched, or other scheme). Those skilled in the relevant art willrecognize that portions of the system reside on a server computer, whilecorresponding portions reside on a client computer such as a mobile orportable device, and thus, while certain hardware platforms aredescribed herein, aspects of the system are equally applicable to nodeson a network. In an alternative embodiment, the mobile device orportable device may represent the server portion, while the server mayrepresent the client portion.

In some cases, the communication network 130 may be comprised ofmultiple networks, even multiple heterogeneous networks, such as one ormore border networks, voice networks, broadband networks, serviceprovider networks, Internet Service Provider (ISP) networks, and/orPublic Switched Telephone Networks (PSTNs), interconnected via gatewaysoperable to facilitate communications between and among the variousnetworks. As described herein, the communications network may alsoinclude third-party communications networks such as a Global System forMobile (GSM) mobile communications network, a code/time divisionmultiple access (CDMA/TDMA) mobile communications network, a 3rd or 4thgeneration (3G/4G) mobile communications network (e.g., General PacketRadio Service (GPRS/EGPRS)), Enhanced Data rates for GSM Evolution(EDGE), Universal Mobile Telecommunications System (UMTS), Long TermEvolution (LTE) network), Voice over LTE (VoLTE), IMS network, or othercommunications network.

Examples of Authorizing Drones to Access an AFC

As described herein, an airborne fulfillment center, or AFC, in someembodiments, includes a drone authentication system 150 configured toidentify and/or authorize access to the AFC 140 for the drones 120A-120Nthat may approach the AFC 140.

FIGS. 2A-2B are diagrams illustrating the authentication of a drone toan airborne fulfillment center. FIG. 2A depicts a first authenticationprocess or mechanism, where the drone 120A communicates virtualcredentials to the drone authentication system 150 over thecommunications network 130. The virtual credentials may be, for example,a username and password, an identifier for the drone, one or more visualindicators associated with the drone, an encryption key, and so on.

FIG. 2B depicts a second authentication process or mechanism, where thedrone 120A provides physical credentials to the drone authenticationsystem 150. As shown, the drone may include a probe 220, which presentsone or more configurable physical keys or components that are configuredto couple to a physical access verification device 210 of the droneauthentication system 150.

For example, the probe 220 may be configured to provide a variable setof pins or other protrusions, in effect acting as a configurable “key,”which may couple to a “lock” or other reception or input component ofthe verification device 210. FIGS. 3A-3D are diagrams illustratingvarious example physical credentials provided by a drone during aphysical authentication process.

As shown, the configuration of one or more pins 315 extending from aface 310 or other surface of the probe 220 may vary. Each differentconfiguration (e.g., 4 pins as shown in FIG. 3A, two diagonal pins asshown in FIG. 3B, two vertical pins as shown in FIG. 3C, two larger pinsas shown in FIG. 3D, and so on), may represent the identification of thedrone 120A, and be dynamically generated and/or configured, such as inresponse to a request from the system 150 after the virtual credentialsof the drone are initially authenticated by the system 150.

Of course, the configuration of the pins 315, the shape of the pins 315,and/or the geometry of the face 310 may vary based on the application oras requested by the system 150, in order to ensure the probe 220 acts asa key or other physical verification device for the drone 120A.

Therefore, in some embodiments, the system 150 may generate and send aset of physical access credentials to the drone 120A after receiving thevirtual access credentials from the drone 120A. The drone 120A, inresponse, provides a certain configuration (e.g., as shown in FIG. 3C)of the face 310 of the probe 210, and physically couples the probe 220to the verification device 210, for authorization to the AFC 140.

Thus, the system 150 may authorize a drone with access to the AFC 140after a suitable or actual occurrence of a form fits function couplingbetween the probe 220 of the drone 120A and an input component of thephysical access verification device 210.

Of course, the system 150 may utilize other physical verification orcoupling devices or components during the physical authenticationprocess shown in FIG. 2B. For example, the system 150, via the device210, may capture (e.g., take an image) of information (e.g., icons,identifiers, and so on) displayed by the drone 120, may request othertypes of probes, keys, and/or coupling components to physically couplewith the verification device 210, and so on.

As described herein, the system, using the multi-stage authenticationprocesses described herein, facilitates, manages, and/or controls accessto the AFC 140 for various approaching drones 120A-120 FIG. 4 is a blockdiagram illustrating components of the drone authentication system 150.The drone authentication system 150 may include functional modules orsystems that are implemented with a combination of software (e.g.,executable instructions, or computer code) and hardware (e.g., at leasta memory and processor). Accordingly, as used herein, in some examples amodule or system is a processor-implemented module, system, or set ofcode and represents a computing device having a processor that is atleast temporarily configured and/or programmed by executableinstructions stored in memory to perform one or more of the particularfunctions that are described herein. For example, the system 150includes an access request module 410, a virtual authentication module420, a physical authentication module 430, and a protection module 440.

In some embodiments, the access request module 410 is configured and/orprogrammed to receive a request for access to a product fulfillmentcenter, such as the AFC 140, by a drone located at a geographical regionthat includes the product fulfillment center.

In some embodiments, the virtual authentication module 420 is configuredand/or programmed to send a request to the drone for virtual accesscredentials associated with the drone, and upon receiving the virtualaccess credentials from the drone, determine whether the virtual accesscredentials match virtual access credentials stored in a database of theauthorization system.

For example, the virtual authentication module 420 may store or beassociated with a credentials database 450 that stores, via various datastructures, information identifying drones 120A-120N authorized toaccess one or more areas of the product fulfillment center. Table 1present as example (e.g., albeit simplified) data structure contained inthe credentials database 450:

TABLE 1 Drone ID Authentication Authorized Areas Drone12345 Virtual andphysical Warehouse1, repair Drone34444 Virtual and physical Repair,recharge Drone88987 Virtual Warehouse1, warehouse2

As shown in the table, the data structure may include various entriesthat relate drone identifiers to authentication levels to authorizedareas, among other information.

In some embodiments, the physical authentication module 430 isconfigured and or programmed to, when the virtual access credentialsmatch access credentials stored in the database 350 of the authorizationsystem 150, send a request to the drone to provide physical accesscredentials, determine whether the physical access credentials match thephysical access verification device 210 associated with theauthorization system, and when the physical access credentials match thephysical access verification device, authorize the drone with access tothe product fulfillment center (e.g., AFC).

For example, the physical authentication module 430 may determine that acertain configuration of pins extending from the probe 220 of the droneis coupled to an input component of the physical access verificationdevice 210 and/or otherwise determine an occurrence of a form fitsfunction coupling between the probe 220 of the drone and the inputcomponent of the physical access verification device 210.

In some cases, as described herein, the drone 120A may only beauthorized to access one or more specific areas of the AFC 140. Forexample, the module 430 may authorize access to a product delivery areaof the product fulfillment center (e.g., to pick up or drop off packagesor other items to be delivered), to a drone repair area of the productfulfillment center (e.g., to receive repairs, such as batteryreplacements, rotor replacements, general maintenance, and so on), to adrone recharging area of the product fulfillment center (e.g., torecharge the battery of the drone), and so on.

In some embodiments, the protection module 440 is configured andprogrammed to, when the virtual access credentials and/or physicalaccess credentials do not match access credentials or expected coupling,initiate a protection mechanism to protect the product fulfillmentcenter from a possible cyberattack or physical attack originating fromthe drone.

For example, the protection module 440 may initiate an operation to jamone or more signals of the drone, prevent communications between thedrone and the product fulfillment center, or otherwise disrupt thecommunication capabilities of the drone. As another example, theprotection module 440 may initiate an operation to physically attack thedrone, to move the drone away from the product fulfillment center.

Therefore, in some cases, the protection module 440 may initiateprocesses or operations to warn unknown or unauthorized drones frommoving towards the AFC 140 and/or attempting to access the AFC 140, andmay continue the processes or operations to provide a virtual securitycocoon for the AFC 140, where side-channel attacks are mitigated orprevented, among other benefits.

As described herein, the system 150 performs various processes ormethods to authorize drones 120A-120N to access and/or approach the AFC140. FIG. 5 is a flow diagram Illustrating a method 500 for authorizinga drone with access to the airborne fulfillment center 140. The method500 may be performed by the drone authentication system 150, and,accordingly, is described herein merely by way of reference thereto. Itwill be appreciated that the method 500 may be performed on any suitablehardware.

In operation 510, the system 150 receives a request for access to theairborne fulfillment center by a drone located within a geographicalregion that includes the airborne fulfillment center. For example, theaccess request module 410 may receive a request from drone 120A toaccess the AFC 140 to pick up a package to deliver to a customer.

In operation 520, the system 150 sends a request to the drone forvirtual access credentials associated with the drone, and, uponreceiving the virtual access credentials from the drone, determines, inoperation 530, whether the virtual access credentials match virtualaccess credentials stored in a database of the authorization system. Forexample, the virtual authentication module 420 may store or beassociated with the credentials database 450 that stores, via variousdata structures, information identifying drones 120A-120N authorized toaccess one or more areas of the product fulfillment center, and comparesthe received virtual access credentials to the stored information.

When the virtual access credentials match access credentials stored inthe database of the authorization system 150, the method proceeds tooperation 540, and the system 150 sends a request to the drone toprovide physical access credentials.

When the virtual access credentials do not match access credentialsstored in the database of the authorization system, the method 500proceeds to operation 550, and the system 150 initiates a protectionmechanism to protect the airborne fulfillment center from a possiblecyberattack or physical attack originating from the drone.

In operation 560, the system 150 determines whether the physical accesscredentials match a physical access verification device associated withthe authorization system. For example, the physical authenticationmodule 430 may determine that a certain configuration of pins extendingfrom the probe 220 of the drone is coupled to an input component of thephysical access verification device 210 and/or otherwise determine anoccurrence of a form fits function coupling between the probe 220 of thedrone and the input component of the physical access verification device210.

When the physical access credentials match the physical accessverification device, the method 500 proceeds to operation 570, and thesystem 150 authorizes the drone with access to the airborne fulfillmentcenter. For example, the physical authentication module 430 mayauthorize access to a product delivery area of the product fulfillmentcenter (e.g., to pick up or drop off packages or other items to bedelivered), to a drone repair area of the product fulfillment center(e.g., to receive repairs, such as battery replacements, rotorreplacements, general maintenance, and so on), to a drone rechargingarea of the product fulfillment center (e.g., to recharge the battery ofthe drone), and so on.

When the physical access credentials do not match the physical accessverification device, the method 500 again proceeds to operation 550, andthe system initiates a protection mechanism to protect the airbornefulfillment center from a possible cyberattack or physical attackoriginating from the drone. For example, the protection module 440 mayinitiate an operation to jam one or more signals of the drone, preventcommunications between the drone and the product fulfillment center, orotherwise disrupt the communication capabilities of the drone. Asanother example, the protection module 440 may initiate an operation tophysically attack the drone, to move the drone away from the productfulfillment center.

Therefore, in some embodiments, the drone authentication system 150performs various authentication processes to protect the AFC 140, and/orits contents or data, including an authentication process thatidentifies a drone based on virtual credentials provided by the droneand/or an authentication process that identifies the drone based onphysical credentials provided by the drone. By following the variousprocesses, the AFC 140, via the system 150, may be protected frompotentially harmful attacks originating from unknown drones, such asdrones pretending to represent delivery drones known to the AFC 140,among other benefits.

Conclusion

Unless the context clearly requires otherwise, throughout thedescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense, as opposed to anexclusive or exhaustive sense; that is to say, in the sense of“including, but not limited to.” As used herein, the terms “connected,”“coupled,” or any variant thereof means any connection or coupling,either direct or indirect, between two or more elements; the coupling orconnection between the elements can be physical, logical, or acombination thereof. Additionally, the words “herein,” “above,” “below,”and words of similar import, when used in this application, refer tothis application as a whole and not to any particular portions of thisapplication. Where the context permits, words in the above DetailedDescription using the singular or plural number may also include theplural or singular number respectively. The word “or,” in reference to alist of two or more items, covers all of the following interpretationsof the word: any of the items in the list, all of the items in the list,and any combination of the items in the list.

The above Detailed Description of examples of the technology is notintended to be exhaustive or to limit the technology to the precise formdisclosed above. While specific examples for the technology aredescribed above for illustrative purposes, various equivalentmodifications are possible within the scope of the technology, as thoseskilled in the relevant art will recognize. For example, while processesor blocks are presented in a given order, alternative implementationsmay perform routines having steps, or employ systems having blocks, in adifferent order, and some processes or blocks may be deleted, moved,added, subdivided, combined, and/or modified to provide alternative orsubcombinations. Each of these processes or blocks may be implemented ina variety of different ways. Also, while processes or blocks are attimes shown as being performed in series, these processes or blocks mayinstead be performed or implemented in parallel, or may be performed atdifferent times. Further any specific numbers noted herein are onlyexamples: alternative implementations may employ differing values orranges.

The teachings of the technology provided herein can be applied to othersystems, not necessarily the system described above. The elements andacts of the various examples described above can be combined to providefurther implementations of the technology. Some alternativeimplementations of the technology may include not only additionalelements to those implementations noted above, but also may includefewer elements.

These and other changes can be made to the technology in light of theabove Detailed Description. While the above description describescertain examples of the technology, and describes the best modecontemplated, no matter how detailed the above appears in text, thetechnology can be practiced in many ways. Details of the system may varyconsiderably in each specific implementation, while still beingencompassed by the technology disclosed herein. As noted above,particular terminology used when describing certain features or aspectsof the technology should not be taken to imply that the terminology isbeing redefined herein to be restricted to any specific characteristics,features, or aspects of the technology with which that terminology isassociated. In general, the terms used in the following claims shouldnot be construed to limit the technology to the specific examplesdisclosed in the specification, unless the above Detailed Descriptionsection explicitly defines such terms. Accordingly, the actual scope ofthe technology encompasses not only the disclosed examples, but also allequivalent ways of practicing or implementing the technology under theclaims.

To reduce the number of claims, certain aspects of the technology arepresented below in certain claim forms, but the applicant contemplatesthe various aspects of the technology in any number of claim forms. Forexample, while only one aspect of the technology is recited as acomputer-readable medium claim, other aspects may likewise be embodiedas a computer-readable medium claim, or in other forms, such as beingembodied in a means-plus-function claim. Any claims intended to betreated under 35 U.S.C. § 112(f) will begin with the words “means for”,but use of the term “for” in any other context is not intended to invoketreatment under 35 U.S.C. § 112(f). Accordingly, the applicant reservesthe right to pursue additional claims after filing this application topursue such additional claim forms, in either this application or in acontinuing application.

What is claimed is:
 1. A method performed by an authorization system ofan airborne fulfillment center (AFC) for providing a drone with accessto the airborne fulfillment center, the method comprising: receiving arequest for access to the airborne fulfillment center by a drone locatedwithin a geographical region that includes the airborne fulfillmentcenter; sending a request to the drone for virtual access credentialsassociated with the drone; upon receiving the virtual access credentialsfrom the drone, determining whether the virtual access credentials matchvirtual access credentials stored in a database of the authorizationsystem, wherein the database of the authorization system includes a datastructure that relates drones known to the airborne fulfillment centerwith access credentials for the known drones; if the virtual accesscredentials match access credentials stored in the database of theauthorization system, sending a request to the drone to provide physicalaccess credentials; determining whether the physical access credentialsmatch a physical access verification device associated with theauthorization system based on determining whether a certainconfiguration of pins extending from a probe of the drone couples to aninput component of the physical access verification device; and if thephysical access credentials match the physical access verificationdevice, authorizing the drone with access to the airborne fulfillmentcenter.
 2. The method of claim 1, further comprising: if the virtualaccess credentials do not match access credentials stored in thedatabase of the authorization system, initiating a protection mechanismto protect the airborne fulfillment center from a possible cyberattackor physical attack originating from the drone.
 3. The method of claim 1,further comprising: if the physical access credentials do not match thephysical access verification device, initiating a protection mechanismto protect the airborne fulfillment center from a possible cyberattackor physical attack originating from the drone.
 4. The method of claim 1,wherein authorizing the drone with access to the airborne fulfillmentcenter includes authorizing the drone with access to a product deliveryarea of the airborne fulfillment center.
 5. The method of claim 1,wherein authorizing the drone with access to the airborne fulfillmentcenter includes authorizing the drone with access to a drone repair areaof the airborne fulfillment center.
 6. The method of claim 1, whereinauthorizing the drone with access to the airborne fulfillment centerincludes authorizing the drone with access to a drone recharging area ofthe airborne fulfillment center.
 7. The method of claim 1, whereinsending a request to the drone to provide physical access credentialsincludes generating a set of physical access credentials to be providedby the drone after receiving the virtual access credentials from thedrone.
 8. An authorization system for a product fulfillment center, thesystem comprising: an access request module that receives a request foraccess to the product fulfillment center by a drone located at ageographical region that includes the product fulfillment center; avirtual authentication module that: sends a request to the drone forvirtual access credentials associated with the drone; and upon receivingthe virtual access credentials from the drone, determines whether thevirtual access credentials match virtual access credentials stored in adatabase of the authorization system, wherein the database of theauthorization system includes a data structure that relates drones knownto the product fulfillment center with access credentials for the knowndrones; a physical authentication module that: when the virtual accesscredentials match access credentials stored in the database of theauthorization system, sends a request to the drone to provide physicalaccess credentials; determines whether the physical access credentialsmatch a physical access verification device associated with theauthorization system; and when the physical access credentials match thephysical access verification device, authorizes the drone with access tothe product fulfillment center; and a protection module that, when thevirtual access credentials do not match access credentials stored in thedatabase of the authorization system, initiates a protection mechanismto protect the product fulfillment center from a possible cyberattack orphysical attack originating from the drone, wherein the protectionmechanism includes physically attacking the drone to cause the drone tomove the drone away from the product fulfillment center.
 9. The systemof claim 8, wherein the protection mechanism includes jamming one ormore signals of the drone or preventing communications between the droneand the product fulfillment center.
 10. The system of claim 8, whereinthe physical authentication module determines that a certainconfiguration of pins extending from a probe of the drone is coupled toan input component of the physical access verification device.
 11. Thesystem of claim 8, wherein the physical authentication module authorizesthe drone with access to a product delivery area of the productfulfillment center.
 12. The system of claim 8, wherein the physicalauthentication module authorizes the drone with access to a drone repairarea of the product fulfillment center.
 13. The system of claim 8,wherein the physical authentication module authorizes the drone withaccess to a drone recharging area of the product fulfillment center. 14.The system of claim 8, wherein the product fulfillment center is anairborne vehicle that floats above the geographical region.
 15. Thesystem of claim 8, wherein the product fulfillment center is aground-based facility within the geographical region.
 16. Anon-transitory computer-readable medium whose contents, when executed byan access authorization system associated with a facility that providespackages for delivery to customers by drones, cause the accessauthorization system to perform a method for authenticating a drone tothe facility, the method comprising: performing a first authenticationprocess that identifies a drone based on virtual credentials provided bythe drone; performing a second authentication process that identifiesthe drone based on physical credentials provided by the drone, whereinthe second authentication process includes a determination that acertain configuration of pins extending from a probe of the drone iscoupled to an input component of the facility; and determining the droneis authorized to the access the facility based on the identification ofthe drone via the virtual credentials and the physical credentialsprovided by the drone.